Qakbot Trojan IOCs - Part 31

remote access Trojan

Qakbot (Qbot) — банковский троян: вредоносная программа, предназначенная для сбора банковской информации у жертв. Qbot нацелен преимущественно на организации в США. Он оснащён различными сложными функциями уклонения от обнаружения и кражи информации, червеподобной функциональностью и стойким механизмом персистенции.

Indicators of Compromise

IPv4 Port Combinations

  • 100.6.31.96:443
  • 101.184.134.98:2222
  • 102.156.77.237:443
  • 102.158.69.237:443
  • 103.111.70.66:443
  • 103.111.70.66:995
  • 103.113.68.33:443
  • 103.123.223.141:443
  • 103.140.174.20:2222
  • 103.141.50.79:995
  • 103.144.201.53:2078
  • 103.144.201.56:2078
  • 103.212.19.254:995
  • 103.42.86.42:995
  • 103.78.55.136:443
  • 104.35.24.154:443
  • 105.184.103.142:995
  • 105.184.209.37:995
  • 107.146.12.26:2222
  • 108.32.72.145:443
  • 109.11.175.42:2222
  • 109.151.87.122:443
  • 109.154.254.126:2222
  • 109.159.118.107:2222
  • 109.159.118.65:2222
  • 109.218.12.137:2222
  • 109.50.143.218:2222
  • 112.222.83.147:6881
  • 114.143.176.235:443
  • 116.72.250.18:443
  • 116.74.163.233:443
  • 116.74.164.235:443
  • 116.74.164.245:443
  • 119.82.123.160:443
  • 12.172.173.82:20
  • 12.172.173.82:2087
  • 12.172.173.82:21
  • 12.172.173.82:22
  • 12.172.173.82:32101
  • 12.172.173.82:465
  • 12.172.173.82:50001
  • 12.172.173.82:993
  • 12.172.173.82:995
  • 122.184.143.83:443
  • 122.186.210.254:443
  • 123.3.240.16:995
  • 124.149.143.189:2222
  • 125.99.69.178:443
  • 125.99.76.102:443
  • 136.175.69.147:443
  • 136.232.184.134:995
  • 136.244.25.165:443
  • 139.226.47.229:995
  • 14.192.241.76:995
  • 14.200.181.108:443
  • 144.64.226.144:443
  • 151.51.235.22:443
  • 151.62.160.232:443
  • 151.65.213.208:443
  • 155.190.1.4:443
  • 157.119.85.203:443
  • 161.142.103.5:995
  • 162.248.14.107:443
  • 172.115.17.50:443
  • 172.248.42.122:443
  • 172.90.139.138:2222
  • 174.118.63.123:443
  • 174.171.10.179:443
  • 174.171.130.96:443
  • 174.21.64.35:2222
  • 174.4.89.3:443
  • 176.133.4.230:995
  • 176.142.207.63:443
  • 176.202.45.209:443
  • 178.175.187.254:443
  • 180.156.215.130:995
  • 182.185.159.137:995
  • 183.87.163.165:443
  • 184.153.132.82:443
  • 184.176.35.223:2222
  • 184.182.66.109:443
  • 185.69.145.198:443
  • 186.64.67.25:443
  • 186.64.67.61:443
  • 186.64.87.204:443
  • 190.78.69.250:2222
  • 195.74.245.190:995
  • 197.0.93.198:443
  • 197.92.131.255:443
  • 198.2.51.242:993
  • 2.237.150.131:2222
  • 2.36.64.159:2078
  • 2.82.8.80:443
  • 201.210.85.178:2222
  • 201.244.108.183:995
  • 202.142.98.62:443
  • 202.142.98.62:995
  • 202.184.218.218:443
  • 209.216.123.118:3389
  • 209.93.207.224:2222
  • 212.70.98.78:2222
  • 213.240.106.71:995
  • 213.66.245.200:2222
  • 213.67.139.53:2222
  • 213.91.235.146:443
  • 23.30.173.133:443
  • 23.30.22.225:443
  • 23.30.22.225:50003
  • 23.30.22.225:993
  • 23.30.22.225:995
  • 24.139.11.137:443
  • 24.206.27.39:443
  • 24.236.90.196:2078
  • 27.0.48.233:443
  • 27.109.19.90:2078
  • 27.253.11.10:2222
  • 27.99.32.26:2222
  • 35.143.97.145:995
  • 36.152.128.5:6883
  • 37.14.229.220:2222
  • 37.166.25.168:21
  • 41.186.88.38:443
  • 41.227.217.128:443
  • 41.230.171.196:443
  • 41.62.194.136:443
  • 43.243.215.210:443
  • 45.50.233.214:443
  • 46.64.171.68:443
  • 47.196.225.236:443
  • 47.205.25.170:443
  • 47.21.51.138:443
  • 47.34.30.133:443
  • 49.175.72.99:443
  • 49.245.95.124:2222
  • 50.5.45.204:443
  • 50.68.186.195:443
  • 50.68.204.71:443
  • 50.68.204.71:993
  • 50.68.204.71:995
  • 58.162.223.233:443
  • 58.186.75.42:443
  • 59.153.96.4:443
  • 59.28.84.65:443
  • 64.121.161.102:443
  • 65.190.242.244:443
  • 67.10.2.240:995
  • 67.219.197.94:443
  • 67.248.21.32:443
  • 68.173.170.110:8443
  • 68.229.150.95:443
  • 69.133.162.35:443
  • 70.112.206.5:443
  • 70.160.80.210:443
  • 70.28.50.223:1194
  • 70.28.50.223:2078
  • 70.28.50.223:2083
  • 70.28.50.223:2087
  • 70.28.50.223:32100
  • 70.28.50.223:3389
  • 70.51.153.108:2222
  • 70.64.77.115:443
  • 71.171.83.69:443
  • 71.31.100.192:443
  • 71.31.232.65:995
  • 71.38.155.217:443
  • 72.134.124.16:443
  • 72.200.109.104:443
  • 72.203.216.98:2222
  • 72.205.104.134:443
  • 72.88.245.71:443
  • 73.207.160.219:443
  • 73.22.121.210:443
  • 73.36.196.11:443
  • 74.102.98.63:2222
  • 74.66.134.24:443
  • 74.92.243.115:50000
  • 75.109.111.89:443
  • 75.115.14.189:443
  • 75.143.236.149:443
  • 75.149.21.157:443
  • 75.98.154.19:443
  • 76.170.252.153:995
  • 76.178.148.107:2222
  • 76.64.99.251:2222
  • 76.80.180.154:993
  • 76.86.31.59:443
  • 77.126.11.114:443
  • 77.126.185.173:443
  • 77.86.98.236:443
  • 78.130.215.67:443
  • 78.159.145.17:995
  • 78.159.147.45:995
  • 78.16.207.80:443
  • 78.192.109.105:2222
  • 78.92.133.215:443
  • 79.42.241.244:443
  • 79.77.142.22:2222
  • 80.12.88.148:2222
  • 80.3.209.218:443
  • 81.101.185.146:443
  • 81.147.181.139:443
  • 81.150.42.123:443
  • 81.229.117.95:2222
  • 82.212.107.207:443
  • 83.114.60.6:2222
  • 83.77.208.166:2222
  • 84.108.200.161:443
  • 84.155.13.118:995
  • 84.215.202.8:443
  • 84.35.26.14:995
  • 85.2.185.70:2222
  • 85.241.180.94:443
  • 85.245.221.87:2078
  • 85.61.165.153:2222
  • 86.130.9.222:2222
  • 86.130.9.243:2222
  • 86.154.216.221:2222
  • 86.171.191.31:443
  • 86.176.144.145:2222
  • 86.176.87.35:2222
  • 86.180.120.159:2222
  • 86.188.22.217:443
  • 86.195.14.72:2222
  • 86.209.8.236:2222
  • 86.225.214.138:2222
  • 86.45.66.141:2222
  • 86.97.66.70:2222
  • 86.98.23.66:443
  • 86.99.79.136:2222
  • 87.200.170.30:443
  • 87.223.89.244:443
  • 87.243.146.59:443
  • 87.57.13.215:443
  • 88.122.133.88:32100
  • 88.126.94.4:50000
  • 89.129.109.27:2222
  • 89.79.229.50:443
  • 90.104.151.37:2222
  • 90.211.192.113:443
  • 90.4.110.221:2222
  • 90.55.106.37:2222
  • 90.70.150.94:2222
  • 90.78.147.141:2222
  • 90.93.132.149:2222
  • 91.160.70.68:32100
  • 91.165.188.74:50000
  • 91.169.12.198:32100
  • 91.82.133.190:443
  • 92.1.170.110:995
  • 92.149.250.113:2222
  • 92.154.17.149:2222
  • 92.189.214.236:2222
  • 92.20.204.198:2222
  • 92.239.81.124:443
  • 92.27.86.48:2222
  • 92.9.45.20:2222
  • 92.97.227.224:2222
  • 93.150.183.229:2222
  • 94.5.98.77:443
  • 95.242.101.251:995
  • 95.60.243.61:995
  • 95.60.243.84:995
  • 96.87.28.170:2222
  • 98.145.23.67:443
  • 98.37.25.99:443
  • 99.228.131.116:2222

Domains

  • alostool-sa.com
  • alzheimersdigest.net
  • androidposme.com
  • antoinettegabriel.com
  • bytedesign.net
  • chancerylaw.net
  • choicefaz.com.br
  • daikinyetkiliservisi.com
  • estudiovictorpacheco.com
  • farmfutures.in
  • fortune.travel
  • getbuttn.com
  • goldenmoviesawards.com
  • graphixcreativity.com
  • hazonchurch.org
  • ingenieriacamporiego.com
  • internationalvocalcoach.com
  • lesdelicesdeyannick.com
  • lylrefrigeracion.com.pe
  • medano355condominio.com
  • milleniuninformatica.com.br
  • mmhhf.com
  • mongomo-bf.com
  • myanmargolffederation.org
  • netultra.com.br
  • qassimnews.com
  • ride1atv.com
  • rzbpo.com.br
  • seicas.com
  • soaresdesigner.com.br
  • stealingexcellence.com
  • stragician.com
  • symbia.com.pk
  • teleguiando.com
  • t-lows.com

URLs

  • http://147.135.248.250/RPgt1jLiS.dat
  • http://149.102.243.204/Evgz1KCDiKX.dat
  • http://154.47.17.180/7PQTuXfbYNGp.dat
  • http://194.165.59.51/555555.dat
  • http://1tenshipping.com/blo/me.zip
  • http://203.96.177.111/555555.dat
  • http://45.159.249.33/daf1EUj37WH.dat
  • http://45.66.248.187/JWW0Wa81oh9O.dat
  • http://5.42.221.124/FZcIaP2.dat
  • http://51.222.199.244/yFpsUiV.dat
  • http://70.34.218.85/DM38qk2aKz22.dat
  • http://74.119.193.49/DxYkFOVBR.dat
  • http://79.141.174.253/izC8gLO0xZ.dat
  • http://87.236.146.236/555555.dat
  • http://87.236.146.34/7sGFdRFCkgQ.dat
  • http://87.236.146.93/pnqg2H.dat
  • http://91.193.19.217/555555.dat
  • http://94.131.101.15/555555.dat
  • http://94.131.117.45/555555.dat
  • http://actionhakoora.com/blo/me.zip
  • http://akimile.com.pe/blo/me.zip
  • http://alertasecurity.net/blo/me.zip
  • http://almacorp.com/blo/me.zip
  • http://arenatransautos.com.br/blo/me.zip
  • http://asiaengrs.com/blo/me.zip
  • http://autonaprawa.org.pl/blo/me.zip
  • http://availguide.com/blo/me.zip
  • http://barkaatart.com/blo/me.zip
  • http://bikersho.webd.pro/blo/me.zip
  • http://blogmedia.ge/blo/me.zip
  • http://blogonnet.com/blo/me.zip
  • http://boticamedicalmarket.com.pe/blo/me.zip
  • http://computaciontandil.com/blo/me.zip
  • http://curriculovirtual.com/blo/me.zip
  • http://dalexglobal.com/blo/me.zip
  • http://datasafe-services.co.uk/blo/me.zip
  • http://datekmexico.com/blo/me.zip
  • http://delivaroobd.com/blo/me.zip
  • http://devscorner.net/blo/me.zip
  • http://dreamwebservice.in/blo/me.zip
  • http://dubaiframeticket.com/blo/me.zip
  • http://engaging.media/blo/me.zip
  • http://eo-serije.com/blo/me.zip
  • http://epec.com.bd/blo/me.zip
  • http://eugbc.net/blo/me.zip
  • http://eurofarm.ge/blo/me.zip
  • http://excessinteriors.in/blo/me.zip
  • http://farm-sharing.at/blo/me.zip
  • http://flaxeninfosoft.in/blo/me.zip
  • http://forxtra.com/blo/me.zip
  • http://g2iprovisaoamericana.med.br/blo/me.zip
  • http://globallinks-fas.com/blo/me.zip
  • http://graviana.com/blo/me.zip
  • http://grecokitchens.com/blo/me.zip
  • http://hc-solution.com/blo/me.zip
  • http://hos.com.pk/blo/me.zip
  • http://iamss.ir/blo/me.zip
  • http://impexpower.com/blo/me.zip
  • http://india-shoppy.com/blo/me.zip
  • http://intansejahteraberkahindo.com/blo/me.zip
  • http://itpcorbeanca.ro/blo/me.zip
  • http://jangocouture.com/blo/me.zip
  • http://javaherbal.co.id/blo/me.zip
  • http://kalog.vn/blo/me.zip
  • http://kemonp.com/blo/me.zip
  • http://kingstylehomes.com.au/blo/me.zip
  • http://klikworx.com/blo/me.zip
  • http://knowledgeelitegame.xyz/blo/me.zip
  • http://l2solucoes.com.br/blo/me.zip
  • http://lafilgroup.com/blo/me.zip
  • http://lawyerkh.com/blo/me.zip
  • http://ldsinternacional.com/blo/me.zip
  • http://lewisraby.co.uk/blo/me.zip
  • http://lordbhumiassociates.com/blo/me.zip
  • http://masteryourminds.com/blo/me.zip
  • http://mdea.gob.pe/blo/me.zip
  • http://megashops.com.br/blo/me.zip
  • http://milleniuninformatica.com.br/Le9/JLOJaks
  • http://moiziqbal.com/blo/me.zip
  • http://mothercolor.com/blo/me.zip
  • http://movarlogistics.com/blo/me.zip
  • http://multconsultlaboratories.com/blo/me.zip
  • http://nocek700.webd.pl/blo/me.zip
  • http://nugerirx.com/blo/me.zip
  • http://orangemultimedia.in/blo/me.zip
  • http://pallasidiomas.com.br/blo/me.zip
  • http://parintieducati.ro/blo/me.zip
  • http://promel.pe/blo/me.zip
  • http://qeepsolutions.co.ke/blo/me.zip
  • http://quseynoff.com/blo/me.zip
  • http://rpalma.com.br/blo/me.zip
  • http://satrans.com.au/blo/me.zip
  • http://saugatimilsina.com.np/blo/me.zip
  • http://secondstep-sy.com/blo/me.zip
  • http://seedsindia.org/blo/me.zip
  • http://smartfact.pe/blo/me.zip
  • http://staging.tripscon.com/blo/me.zip
  • http://staging-api.tripscon.com/blo/me.zip
  • http://terrasdepiri.com.br/blo/me.zip
  • http://test.azfiber.net/blo/me.zip
  • http://tevoi.info/blo/me.zip
  • http://thespringsportal.org/blo/me.zip
  • http://torzilliseguros.com.ar/blo/me.zip
  • http://tremac.hr/blo/me.zip
  • http://tvspropertyindia.in/blo/me.zip
  • http://uoalhuda.edu.iq/blo/me.zip
  • http://vcatransformadores.com.br/blo/me.zip
  • http://vedantawisdom.org/blo/me.zip
  • http://vrindatechnologies.com/blo/me.zip
  • http://watersedgebunbury.com.au/blo/me.zip
  • http://yatratheconnection.com/blo/me.zip
  • http://ytdown.site/blo/me.zip
  • http://zainmotors2008.com/blo/me.zip
  • https://7starsq8.com/blo/me.zip
  • https://alostool-sa.com/XsXYod/eriUb
  • https://alzheimersdigest.net/ZKpva/eJK5Yce0Yn
  • https://androidposme.com/oR6B5H1/Bqxwph
  • https://antoinettegabriel.com/YuUE/JeGy3f
  • https://apartmengreenpramukacity.com/blo/me.zip
  • https://asgharintl.net/blo/me.zip
  • https://bytedesign.net/vPqyWxb/020423.gif
  • https://chancerylaw.net/JgzJX/TV1ab20tp3E
  • https://choicefaz.com.br/w1W2/swKtsZ
  • https://daikinyetkiliservisi.com/ri/vitaeest.php
  • https://datasafe-services.co.uk/blo/me.zip
  • https://datekmexico.com/blo/me.zip
  • https://devscorner.net/blo/me.zip
  • https://estudiovictorpacheco.com/ZkWkl/krTFIxF
  • https://farmfutures.in/tlUtBc/2rRxuCF
  • https://fortune.travel/4dAe/T8yKWa
  • https://garrisonsloan.com/blo/me.zip
  • https://getbuttn.com/MDh/6cgSX
  • https://goldenface.org/blo/me.zip
  • https://goldenmoviesawards.com/kMx/Z6mSJyuH8de
  • https://graphixcreativity.com/MoJBQ/waqgsuG9E75Q
  • https://hazonchurch.org/az4/9elWvziuT
  • https://ingenieriacamporiego.com/ZaO/DwvkLm03L
  • https://internationalvocalcoach.com/3qAZw/zJZmOkMz
  • https://klikworx.com/blo/me.zip
  • https://lesdelicesdeyannick.com/EmF/gteqlfxZYwq
  • https://lylrefrigeracion.com.pe/eod/eumest.php
  • https://medano355condominio.com/Tt7l/CkaQhsMIEQf
  • https://mmhhf.com/cyoaLCj/puhGmUOXZJP
  • https://mongomo-bf.com/met/etatque.php
  • https://myanmargolffederation.org/G22/bvsd3WRgwYC
  • https://netultra.com.br/bSqAMi/JWxpp
  • https://pishonhelpinghands.ca/odt/odt.php
  • https://qassimnews.com/yweNej/Fkx6Uh9iU
  • https://ride1atv.com/I8STWq/tZ5ccUjO3U1
  • https://runsandtrails.com/eov/eov.php
  • https://rzbpo.com.br/0MqaE/LOcu3jL
  • https://safe.bbits.solutions/blo/me.zip
  • https://seicas.com/KvtM0/IZG4MIirG0Ys
  • https://soaresdesigner.com.br/QkSwp8/KgD1h2KtPTmb
  • https://stealingexcellence.com/rVR9r/xC0Q6q
  • https://stragician.com/uq63l/6RqippFs
  • https://symbia.com.pk/etu/suntblanditiis.php
  • https://teleguiando.com/gHZo4/Tpxe6fuUybH
  • https://test.azfiber.net/blo/me.zip
  • https://t-lows.com/ggAJ2m/bX4qpXO
  • https://torzilliseguros.com.ar/blo/me.zip

Emails (none listed in this part)

MD5

  • 03610dde3d199f5119856bf9529dc4ef
  • 04ae096932b7c717fa5caa3cc518cdbd
  • 14b313d581003ba170831bcdcd64f519
  • 14f1b4beb0165e13be332aeaa802cb78
  • 21ba0c4d9f069309dcaf0b53b294a072
  • 21c51a8c7a408f62510ba211d2b35ef0
  • 2b375dd3154224881f4f56fd0dbf6c13
  • 3375a8d25796437497dd2859b297573a
  • 366f2519d53c7c63393e2a04f578a9a4
  • 434204f5b8d85b07c014f1e9b0eeb16b
  • 4b1858d316886f3716665aa53bcebd33
  • 529118c9db710357b3e504f6c9436da0
  • 601fb8b37d1ad16aea6c0cf528be1b05
  • 6bc1e26c039cf981095e41e26680b1ad
  • 6d17d9419ef4ab55d49dec4bea0be466
  • 874995edb7a7064ca83a20945ecc30e5
  • 89fe89c82293d926f4f094cb29237a22
  • 8ce862d8e2d3bc573c7738d8ef088d06
  • 8cf51e36ed76b5fe85257db8d73b257e
  • aab6f8b98c8c92dbfb9f279456c54953
  • b01dd0835ec8a0ac22158262f5d51831
  • b54066686786d8c1ae815679eb9ce798
  • b64c4eba4869bd392c951c621d9b67d8
  • b77e909f8883c4c0654e963f17d64a4c
  • bc24096eaec1db9ff98dfdb6f72d9a18
  • bce34a42d95ab9f340f68295f5bcabaa
  • c1ce989768e2db5163e1a97d6890c15e
  • c95a798dcb5ba4623997cb1c860f58f6
  • c9fcdff99d7ca0541d97f28559444d9b
  • cbf062c11863b5df6db2ef7ac1cf03c7
  • ce54104a9979a62ad0d8c31eb477cc50
  • d469b71dc6715c944ab7af27d530999b
  • d6436592ec67e6a27e3babac1dc830d4
  • f09342b23a125ab25811fc43bb39964b
  • f2a02951b25423c2383767dd72c3ae6f
  • f8486a7ab7aa6a52379ef818ee508c43
  • fbb5b2c9049fa1337ac60a5deb6ea279
  • fd2ed08a94d646c5a6f8d0de75f609cc
  • ff1d6d21cc3d0c883734fd8cf268e8b1

SHA256

  • 09f24d38f5ea58a1b5ffe6934973a3faa5ad919977e912e8389c269bf57b8303
  • 2200463f3dec4645af3e3e7c690eab58f4312fe1595950cc9d94e821475f80a7
  • 2429ad65cfe98f721c999c57356406052765a6240c5d35348a9ef42d36b58223
  • 2cca326763f1bdcf3ff3934e842f695c6f5c72020b9bf4e3c879bc18906f941a
  • 33eac34b75b28c73c3bf2234c05b51a71d4c5652407a1ee2f8d9ec1134dfe4b2
  • 61bc26c30166fe4f13fbd060786d38f487f291f343624562b0fd11408121c762
  • a9342dd549b5e8ce479724249fe4f2a38eecb548f54b3a65c2360b6eb41a5ba2
  • b929f96f84e652063398debe805980630b52f9ca0b9b2ca314208c9065fc7ff3
  • ccc5e0c9e5b31c4d09331832fca9829f3f7d9bf761f3fea7fe49fdb94aa6ac17
  • cd36d482a2c8e8cc753d57ef4b4ea7b9574ca457a443652d8d82da3d93402323
  • fe4d2ebc920e60116b039236f07e45a9203fce4eaf7e5182c0a8610f49c7397c
  • ff90f25066021ea528a55f6927d1a466a7b496442a0f17a6f0972e83e96b3dab